Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:32902
HistoryNov 11, 2021 - 4:14 a.m.

Improper Input Validation

2021-11-1104:14:11
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
23
pip
input validation
unicode
security
flaw
attacker
repository

EPSS

0.001

Percentile

28.0%

pip suffers from improper input validation. The library does not properly handle unicode separators in git references. An attacker can use this flaw to install a different revision on a repository.